Connect with us

Hi, what are you looking for?



Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software

Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution.

Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution.

RSLinx Classic, which Rockwell claims is the most widely installed communications software in automation, is designed for connecting Allen Bradley programmable logic controllers (PLCs) to programming, data acquisition and configuration applications.

Researchers at Tenable discovered that a DLL file used by the product has an input validation issue that can be used to trigger a buffer overflow by passing data in a Forward Open service request to a fixed-size buffer.

This buffer overflow, tracked as CVE-2019-6553, can be exploited to cause the application to enter a DoS condition and crash, and possibly even to execute arbitrary code on the victim’s machine.

The vulnerability can be exploited remotely by sending a specially crafted package to the RSLinx Classic application on port 44818. A CVSS score of 10 has been assigned to the flaw.

Learn More About ICS Flaws at SecurityWeek’s 2019 ICS Cyber Security Conference

According to Rockwell, the security hole affects RSLinx Classic versions 4.10.00 and earlier. The company has released patches for each of the impacted versions, but mitigations are also available.

Users can prevent potential attacks by disabling port 44818, which is typically needed when they want to use unsolicited UDP messages. This port can be disabled by unchecking the “Accept UDP Messages on Ethernet Port” in the tool’s Options screen in the General tab.

Advertisement. Scroll to continue reading.

Rockwell has pointed out that in RSLinx 4.10 and later this feature has been disabled by default.

Both ICS-CERT and Rockwell Automation released advisories this week to warn users about the flaw – the Rockwell advisory can only be accessed by registered users.

Rockwell Automation is currently working on patches for two vulnerabilities affecting its Allen-Bradley PowerMonitor 1000 products. Details of these flaws have been public since November 2018.

Related: Rockwell Automation Patches Severe Flaws in Communications Software

Related: Rockwell Automation Switches Exposed to Attacks by Cisco IOS Flaws

Related: Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.